Carnegie Mellon University Website Home Page
 

RHN Satellite Server Certificate Change 5/23/13

(US Eastern Time)
DAY: Thursday
DATE: May 23, 2013

WHO DOES THIS AFFECT?
Anyone using RedHat Enterprise Linux (RHEL) with the infrastructure satellite server (rhn.andrew.cmu.edu).

SUMMARY:
The current certificate used for our RHN satellite server is expiring, and the new replacement certificate has a different issuer. Therefore, once Computing Services installs the new certificate, clients of the satellite will stop receiving updates until they are configured to trust the new issuer.

WHAT YOU NEED TO DO:
To make this change, append the "AddTrust External CA Root" certificate to your /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT file. This certificate can be obtained from AFS at /afs/andrew.cmu.edu/data/db/certs/AddTrustExternalCARoot.crt or from the web at https://www.as.cmu.edu/AddTrustExternalCARoot.crt (fingerprint below).

SHA1 Fingerprint=02:FA:F3:E2:91:43:54:68:60:78:57:69:4D:F5:E4:5B:68:85:18:68

A simple way to accomplish the change is:

cat /afs/andrew.cmu.edu/data/db/certs/AddTrustExternalCARoot.crt >> /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT

The current certificate expires on May 23, 2013 at 8:00 pm Eastern Time. Please make the change on relevant machines by 5:00 pm on May 23. It is safe to make the change early as it will not invalidate your ability to use the current certificate.

We apologize for any inconvenience.

Please direct any questions or comments to the Computing Services Help Center (412-268-HELP or it-help@cmu.edu) or to your departmental administrator or DSP consultant.